Phishing Emails Explained. Still a Major Threat?

Phishing emails remain one of the most common ways cyber attacks begin, affecting businesses of all sizes. They are designed to look like genuine emails from reputable brands, such as Amazon, EVRI and others.

The aim of a phishing email is simple: to get someone to click a link, open an attachment or enter login details into a fake website.

What is a phishing email?

A phishing email is a fraudulent email designed to trick the recipient into taking an action that compromises security.

This could include:

  • Clicking on a malicious link
  • Downloading an infected attachment
  • Sharing login credentials or sensitive information

These emails are often written to appear urgent or important, encouraging the user to click or fill in any missing information.

Why phishing emails are becoming harder to spot

Phishing emails are no longer as easy to identify. Attackers are using more advanced methods to make them convincing.

They can now include:

  • Accurate branding and logos
  • Realistic language tailored to the recipient
  • References to genuine suppliers or ongoing conversations
  • Emails sent from compromised accounts

Generative AI tools such as ChatGPT and Claude have made this even easier. Attackers can now create well-written, natural-sounding emails regardless of their literacy skills or first language. This means traditional warning signs, such as poor grammar, are no longer reliable indicators.

Common signs to look out for

While phishing emails are more sophisticated, there are still patterns that can help identify them.

Look out for:

  • Unexpected requests, especially involving payments or sensitive data
  • A sudden change in tone or urgency from a known contact
  • Links or attachments you were not expecting
  • Email addresses or domains that look almost correct, but include small spelling changes or added words

Attackers often use lookalike or spoofed domains, changing a single letter, swapping characters or adding words to make an email appear legitimate.
For example:

  • paypaI.com (uppercase “i” instead of a lowercase “l”)
  • micr0soft.com (number “0” instead of the letter “o”)
  • rnicrosoft.com (“rn” used to look like “m”)
  • seriun-support.co.uk (extra word added to make it feel official)
  • company.co instead of company.co.uk (different domain ending)

These small differences are easy to miss, especially when scanning quickly. In many cases, phishing emails rely on something looking almost right rather than obviously wrong.
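The lookalike patterns listed above can also be checked automatically, for instance on the sender domain of inbound mail. The sketch below is an added example, not Seriun's code or tooling: the `TRUSTED` allow-list and all function names are assumptions, and inputs are assumed to be registrable domains with any subdomain already removed.

```python
# Added example: flag sender domains that imitate a trusted domain.
# TRUSTED is a constructed allow-list; inputs are assumed to be registrable
# domains (subdomains already stripped, e.g. via the Public Suffix List).
TRUSTED = ["paypal.com", "microsoft.com", "seriun.co.uk", "company.co.uk"]

# Visual substitutions named in the article, applied before lowercasing
# because an uppercase "I" only passes for "l" while it stays uppercase.
CONFUSABLES = [("I", "l"), ("0", "o"), ("rn", "m")]


def skeleton(label: str) -> str:
    """Collapse lookalike characters so visually similar labels compare equal."""
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label.lower()


def split(domain: str) -> tuple[str, str]:
    """Return (first label with original case, lowercased remaining suffix)."""
    label, _, suffix = domain.strip().rstrip(".").partition(".")
    return label, suffix.lower()


def check_domain(domain: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'unknown', or a reason naming the imitated domain."""
    label, suffix = split(domain)
    if f"{label.lower()}.{suffix}" in trusted:
        return "trusted"
    for good in trusted:
        good_label, good_suffix = split(good)
        same_look = skeleton(label) == skeleton(good_label)
        if same_look and suffix == good_suffix:
            return f"lookalike characters: imitates {good}"
        if same_look:
            return f"different domain ending: imitates {good}"
        # Brand name used as one hyphen-separated word in a longer label.
        if skeleton(good_label) in skeleton(label).split("-"):
            return f"added word: imitates {good}"
    return "unknown"


if __name__ == "__main__":
    for d in ["paypaI.com", "micr0soft.com", "rnicrosoft.com",
              "seriun-support.co.uk", "company.co", "example.org"]:
        print(f"{d:24} {check_domain(d)}")
```

A result of "unknown" only means the domain does not resemble anything on the allow-list; it is not a verdict that the sender is safe.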

Encouraging staff to pause and sense-check before acting is one of the most effective first lines of defence. If you’re unsure whether an email is a phishing email, do not click it. Let a colleague or your IT department, if you have one, know so they can verify the email for you.

Why staff awareness still matters

People remain a key target for phishing attacks. Even with strong technical controls, attackers rely on human behaviour to succeed.

Training and awareness help staff to:

  • Recognise suspicious emails
  • Question unusual requests
  • Report potential threats early

Creating a culture where reporting is encouraged, rather than ignored, helps stop issues before they escalate.

Why awareness alone is not enough

While awareness is important, it should not be your only line of defence.

Mistakes will happen, especially with the volume and quality of modern phishing attempts. This is where technical controls come in.

Effective protection includes:

  • Advanced email filtering
  • Multi-factor authentication (MFA)
  • Endpoint protection and monitoring
  • Ongoing threat detection

These controls help reduce the impact if a phishing email is successful, limiting access and preventing further damage.

How Seriun helps reduce phishing risk

At Seriun, we work with businesses to reduce reliance on human judgement alone.

This includes:

  • Practical staff guidance and cyber awareness training
  • Email security tools and configuration
  • Phishing email tests
  • Ongoing monitoring and support

The aim is to provide layered protection that reduces the chances of an attack succeeding and limits the impact if it does.

Phishing is not going away

Phishing is not going to disappear. As tools and technology improve, attackers will continue to evolve their methods.

The goal for any business should be to:

  • Reduce the likelihood of a successful attack
  • Minimise the impact if one occurs
  • Respond quickly when something does go wrong

Speak to Seriun about protecting your business

If you would like help understanding how these protections apply to your business, Seriun works with organisations across Lancashire, Manchester and nationally to provide straightforward cyber security support without unnecessary jargon.